Matomo

Building security for M&A solutions: 5-years of SSDLC | Cossack Labs

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Case M&A solution SaaS 2019 - 2024

Building security for M&A solutions: 5-years of SSDLC

Overview

Industry

  • M&A SaaS provider

  • VDR

  • Diligence and productivity software

Technology stack

  • iOS, Android native apps

  • React Native mobile apps

  • GraphQL, REST and Java backend

Regulations

  • CCPA, GDPR, HIPAA

  • Internal security policies

  • Encryption Export Regulations

Challenges

Technology requirements

Long-term mitigation strategy

Flexible security architecture

Security tailored to product goals

Our approach

Tailored SSDLC process:

Measurable security:

Continuous monitoring of new threats and risks:

Solution

Application security expertise

Providing security guidance on complex features

An example of one of the sections in security regression checklist that is completed in for each release

An example of one of the sections in security regression checklist that is completed in for each release

Security processes

A screenshot from our lecture about dependency management recommendations for React Native libraries.

A screenshot from our lecture about dependency management recommendations for React Native libraries.

Assistance in dependencies management process

The number of security issues in open and done state for the last 3 years showing that security evolves together with the product functionality

The number of security issues in open and done state for the last 3 years showing that security evolves together with the product functionality

Collaborating as an internal security team

Products and services involved

Themis, a cross-platform crypto library

Themis, a cross-platform crypto library

Read moreThemis, a cross-platform crypto library
Mobile app security

Mobile app security

Read moreMobile app security
Security advisory

Security advisory

Read moreSecurity advisory
Security engineering

Security engineering

Read moreSecurity engineering

Results and outcomes

Breaking is easy, building is hard

We work together with your engineers to not only identify security weaknesses, but also to build effective defences that align with your product's security posture and your team's level of engineering expertise.

Contact us

Get whitepaper

Apply for the position

Our team will review your resume and provide feedback
within 5 business days

Thank you!
We’ve received your request and will respond soon.
Your resume has been sent!
Our team will review your resume and provide feedback
within 5 business days